December 02, 2007

The FISA Document Dump, An Inventory

by emptywheel

I've put together an excel file listing the documents included in Friday's document dump on the communications DNI McConnell had regarding the FISA amendment. I've still got a turkey hangover, so let me know if you spot any errors.

Here's what I've noticed:

There's a weird chronology behind the response to the FOIA request

The DNI's definition of duplicative is different than my definition of duplicative

The DNI must consider Republican correspondence classified

The DNI seems to lose Democratic correspondence

Weird Chronology

First, the chronology. EFF originally FOIAed documents on August 31, asking for records on both meetings with telecoms and discussions with Congress (there were actually two separate FOIA requests--see exhibits K and L here). On both FOIA requests, EFF asked for materials dating from April 2007 to "the present." On September 10, DNI responded to EFF saying it would expedite the EFF request.

Now look at the dates on the documents included. They start with one document from before the time frame--a March 23 letter from the SSCI leadership asking for a FISA bill. It's a pretty important document because it shows Congress taking the lead on this, which may be why they included it. But then the documents go through September 26--long after the August 31 request, and more than two weeks after DNI said it was expediting the EFF request. But then, it stops short of what are likely to be some interesting events leading up the October 18 SSCI bill.

There is probably a very reasonable explanation: that DNI took "present" to mean that time when it started working on the request. Though if that's true, it suggests DNI sat on the request for almost two weeks, before it started expediting anything.

"Duplicative"

Now, when DNI explained why the review process took so long (and presumably, why they couldn't give us document through the "present" of late November), one of the things they claimed they would do is remove duplicate documents.

﻿As the records are located and forwarded to the IMO, the FOIA analyst handling this case conducts a continual analysis and review of the documents located. During the review process the analyst handling this case first removes any non-responsive and duplicative material from the records that are received. She then creates working copies of the documents and document indexes and assesses whether there would be any necessary consultations and/or referrals with those entities maintaining equity in the documents. She also reviews the records for the application of any FOIA exemptions. [my emphasis]

Which is why I find it curious that there are two copies of McConnell's May 1 testimony before SSCI and two copies of his September 18 testimony before HJC. I'll need to go back and look closely to see if these are just two revisions. But if not, it appears that this analyst, who spent at least two months reviewing these documents, still couldn't find all the duplicative documents.

Also, what's with the date on McConnell's September testimony to SSCI? It took place on September 25, but is dated September 20.

Classified Republican Correspondence

One of the first things that sticks out about these documents is the absence of any documents primarily directed to Republicans. Partly that's just a reflection of the fact that the Democrats hold the majority in both Houses of Congress--so the scheduling correspondence will come exclusively from Democrats.

But there are two indications that there may--perhaps should--be more. First is a letter sent to Senators Jello Jay Rockefeller, Levin, and Leahy on July 24, reflecting a meeting with Josh Bolten, Ed Gillespie, and McConnell the previous day. The Republican counterparts to these three Senators (Bond, McCain, and Scottish Haggis Specter) are cc'ed. But the document itself is addressed rather pointedly to the Democrats. That's particularly interesting, given that Specter is his typical wishy washy self on these issues--did they feel they had no need to persuade Scottish Haggis?

So where's the counterpart document, the one addressed to Senators Bond, McCain, and Specter? Did they get their own briefing? Were they invited to the one on July 23? Or did they get a briefing from the folks actually running the show on this issue: Dick and Addington?

I'm just surmising that that document exists. But it appears clear there is some kind of communication between Crazy Pete Hoekstra and Alexander Joel, DNI's Civil Liberties Protection Officer that didn't make it into the document dump. Alexander writes a letter to Hoekstra and Silvestre Reyes on September 17, detailing how the PAA protects American civil liberties. Alexander explains that he is responding to a request from Hoekstra.

I am writing this letter in response to a request from the Ranking Member of the House Permanent Select Committee on Intelligence.

Now, it's possible that Hoekstra made the request in person or over the phone. But I find it doubtful that a government officer would accept such a request without memorializing it at all--there'd at least be a tracking sheet to track legislative requests. But, unlike every other example where a letter to Congress responds to a request that appears among the document requests, for this one the request is not present.

Taken together, I wonder whether the Republicans claimed privilege over their correspondence with DNI. After all, you don't want citizens to know that you've gamed the legislative process, nor do you want it made clear that the guy in charge of our intelligence is a partisan hack.

[Update: of course, it goes without saying that there is also no correspondence from telecom companies. I'm not surprised about that--after all, the name of every telecom is no doubt considered classified, so I bet we won't figure out who was lobbying McConnell until the year end lobbying disclosure forms. The question is--will we get telecom correspondence when the next dump comes, sometime before the 10th?]

Lost Democratic Correspondence

Mind you, just because they've included the Democratic correspondence doesn't mean they're responding to it quickly. There are at least three examples where's there's a big delay in response. For example, Congressman Tom Udall wrote Bush a letter on May 3. We don't get a copy of that letter, but apparently Bush pawned the response off on McConnell, who finally responds to Udall on June 25. Worry not, though, McConnell gave him a very sweet response--a handwritten note saying,

Sir, I also would be happy to meet with you personally to discuss further.

I guess he doesn't want to get Bush in trouble for the delayed response?

Then there's a July 27 letter from Senator Whitehouse to McConnell. Under a stamped RECEIVED stamp, someone has written in the date, August 15. Now, perhaps that's misleading, but does that suggest McConnell never responded to Whitehouse's sincere attempt to craft the right language for the FISA amendment until after the bill was passed into law?

Far and away the most interesting delayed "response" (though it's not a response at all) is the letter from Reyes and Hoekstra to McConnell and Alberto Gonzales dated May 31. It lists all of the documents they say they need to be able to draft an amendment to FISA--you know, things like the presidential directives on the program and the legal authorization for it? Well, we know the Bush Administration didn't respond to any of these requests until October. But what is most interesting about this document is that it was faxed on Friday August 1 at 15:13. In other words, it was faxed--it's not clear from whom or to whom--right in the middle of the legislative wrangling over the PAA. Now, the most logical explanation for this is that Reyes raised the outstanding request during negotiations over the bill, and McConnell told them to re-fax it. Still, I find it curious that that document was sent, from someone to someone else, right in the middle of the debate. [Update: William Ockham points out that the correct date for this--June 1, so presumably from Congress to DNI. But then he notes,

They OCR'ed that fax before they copied it into the document dump. Hmm...

That doesn't make any sense to me, though it might explain why Reyes' name looks so funky on this.]

Marcy, remind me to never attempt to hide anything from you... ;-) As usual, this is brilliant analysis!

I suspect that your conclusions, coupled with an article that I saw this morning in the local rag to the effect that lobbyists are scrambling to get everything they can out of Bush before he goes out of office, point to the fact that Bush and his people don't care one bit what the public knows. They are going to continue to game the system to wring every last bit of privacy and profit from the citizens -- and they will use our elected representatives to help them.

We can only hope and pray that some good sense will start to take hold somewhere. I guess that there have been a couple of attempts to stand up for the rule of law in recent weeks, but Bush and Cheney still hold all the cards.

From the extreme manner in which these people are trying to get the immunity for the telecoms, I just have to wonder what will happen if the telecoms don't get it. The telecoms might have some major headaches, but I suspect that there are a lot of elected officials who could be prosecuted for the crimes that would be revealed.

Yeah, and they didn't include the cover page for the fax. I'm also wondering if the person who compiled the FOIA response realized what had happened. This is probably stupid human error, but with this crowd, you gotta wonder...

sojourner, disagree with you on one point. Bush and Cheney do **not** hold all the cards. Harry Reid played a good one when he refused to allow the Senate to recess. Many parties have cards, including the EFF.

FWIW, I think you are onto something on the telcom immunity issue: ...there are a lot of elected officials who could be prosecuted for the crimes that would be revealed. Consider adding: 'and administration appointees'.

I took the duplication of Mikey's stuff and the inclusion of numerous fax cover sheets to be another example of deliberate non-responsiveness to EFF's FOIA requests. Send just the junk stuff and we're off the hook.

In my conspiracy-fevered mind *g*, I can't help but believe that this was part of a deliberate stall gameplan:

A. The assignment of just "1" person to vet these documents.
B. That "1" person somehow couldn't recognize the duplication of Mikey's documents.
C. That "1" person took months and months to come up with this crap.
D. That with a court order on Tuesday, the DNI/ODNI can miraculously produce on Friday that which they claimed on Monday could not be produced.

As a general rule, the document dump includes the cover page for a fax after the last page. That's a strange convention. I still haven't figured out what order these documents are in.

Btw, your link to Whitehouse's letter is actually to the other Whitehouse letter. Interestingly, both of them have the same received stamp, but are initialled by different people. Whitehouse seems to be the only person whose mail they quarantine for at least two weeks.

ROTL, my gut is telling me that there is something else at stake here besides just telecom immunity.

I still puzzle over the fact that the telecoms would roll over and do things contrary to what the Constitution said. They have scads of attorneys at their behest that had to be telling them, "No, this is illegal," regardless of what the administration or the attorney general was saying. A true emergency is one thing, but as someone noted several weeks ago, this 'emergency' has been going on now for several years. Did someone hold a gun to their head? I doubt it. I do think that the administration suckered them into going along to get along, and now they are all in a pile of trouble. No one was ever supposed to know...

You are correct that Bush and Cheney do not hold all the cards, although I would sure feel better if I did not think Reid would cave in at the slightest issue...

The telecom immunity has little to do with the telecoms. The main, and overriding, concern of the administration is to kill the lawsuits because, if they move forward, there will be a legal ruling that the TSP was illegal (there's really no doubt that it was illegal). Then administration officials will be liable for criminal penalties under FISA.

Also, take a look at what happened to Joseph Nacchio. I have no idea whether he was guilty, but I'm convinced he was prosecuted because Qwest didn't play ball. I'm not sure there were any telecom executives during the first half of this decade who could have stood up to a determined U.S. attorney.

"After 10 years and over $450 million, the FBI estimates that only 10 to 20 percent of the wireline switches, and approximately 50 percent of the pre-1995 and 90 percent of the post-1995 wireless switches, respectively, have CALEA software activated and thus are considered CALEA-compliant."

"...The disassociation of the VoIP provider from the ISP combined with the mobility of the VoIP user makes CALEA applied to VoIP exceedingly complex. As things stand, investigations against people who are constantly on the move are likely either to fail or to violate the privacy of innocent bystanders..."

"In this Freedom of Information Act lawsuit, the Electronic Frontier Foundation (EFF) seeks information about two electronic surveillance systems developed by the FBI: DCS-3000 and Red Hook.

Little is publicly known about these spying tools. DCS-3000 was developed in the wake of "Carnivore" or DCS-1000, a controversial surveillance system the FBI used several years ago to monitor online traffic through Internet service providers. One Department of Justice report said DCS-3000 was created to "to intercept personal communications services delivered via emerging digital technologies used by wireless carriers." According to the same report, Red Hook is a system developed to "collect voice and data calls and then process and display the intercepted information."

On May 7, 2007, a federal judge ordered the FBI to process and release documents responsive to EFF's request on a rolling basis. Those records will be posted here as EFF receives them."

And there are plenty of documents released at that link to read if you are so inclined.

Sojourner - WO is quite correct. I would add that you are right about the legal prowess of the telcos legal departments and, as I have stated many times, you can bet that they were given information, assurances and probably multiple written documents by the Administration (illegally and improperly) that what was being requested was indeed legal and absolutely critical to the protection of the US. This is, without going into the whole spiel, why I have constantly said the telcos don't need immunity. We taxpayers may not like it, but it is the government that will be eventually on the hook for most any of the losses the telcos could suffer from the suits.

BMAZ and WO -- I've got the picture, I think... I have been pulled in too many different directions the last few weeks, and obviously have not kept up with all of what has been transpiring.

One question for WO... You state "Then administration officials will be liable for criminal penalties under FISA." Does that mean that George will have to shell out fines and even go to prison, or just that they will saddle the government with the penalties?

Sojourner, here's the best way that I can think of to explain what I think this means -

When you made an analog phone call, the call started, traveled over phone lines, and routed through exchanges, then ended when you hung up. Dial, speak, hang up. Then the phone company kept a 'call log' that listed the time you phoned, the number you called, etc, etc. But they didn't have any way to note WHAT that call discussed, unless they tapped the wire. And analog phone calls did not lend themselves to quick and easy backup records (contrast with email or voice mail).

But with digital communications, stuff moving across the toobz is tagged, and those tags are all 'metadata'. Each 'container' (or message) is tagged to ensure that the system can properly route it. Traditionally, the metadata was 'outside the message' - to use an analogy: when you write an address on an envelope and toss it in a mailbox, you don't think of the address as part of your message. But Bu$hCo have been reading your messages, AND ALSO reading the address (metadata) content. With digital content, the tags can tell a great deal about the meaning and content of your message.

And under FISA, the address (or 'metadata') is NOT part of the message/content. But Bu$hCo are claiming that it is. Because they've already been reading it.

Evidently, Bu$hCo have been using all the 'metadata' (think 'envelop addresses' to make it easy to grasp the concept) and routing, sorting, identifying us all. The problem: that's not legal. But obviously, they're counting on pulling the wool over the eyes of all of us, including Congress.

But clearly, the people at Sun Research are not bamboozled.
As I understand the information in that document from Sun's Research division, the FISA architecture probably makes it EASIER for criminals to do very bad things. Sun is saying, 'There's a serious set of security problems here - you're building a system that could be a superhighway for bad actors to exploit". Now, how does that enhance national security?

For Congress to get bamboozled on the basis of 'national security' to approve a system that allows any of the scenarios laid out in that Sun Research paper is beyond irresponsible. You'd think they'd never heard Lurita Doan, or Abu Gonzo, or Kyle 'the Aggregator' Sampson testify. Because would you want any of those people in positions of responsibility about who can read your email, your online banking transmissions, etc, etc? Sheesh....!

If the government has ALREADY been mining the metadata, when the law specifically forbids it... well... that would certainly explain why Bu$hCo is so urgently pressing Congress to pass its version of FISA, and it would also explain why it smears anyone who doesn't simply bend before their will as 'unpatriotic. (Translation of Bushspeak: "If I can intimidate you by calling you 'unpatriotic' into passing this law, so that it will legally cover my ass and I won't risk charges and jail time, just watch how mercilessly I'm going to defame you." I mean, honestly, what other options do these people have left? None.)

Perhaps Congress might want to consider whether it thinks Sun's researchers might be more credible than Bu$hCo. That'd be a good place to start.

--------------------------
As for the telecom immunity, Rayne had some great insights a week or two ago on a prior thread. At the risk of misquoting, she suggested that the telcos need Net Neutrality to keep their outdated business structures functional (by opening up Golden Revenue Flows to their newly de-regulated 'information services'). Who controls whether or not that Golden River will flow? Congress and Bu$hCo.
Just keep in mind that every single communication request or response on that system will contain metadata. So the DNI will mine it, first by claiming that the header content (which is metadata) is 'part of the message content'. You may not want reconsider downloading too much porn content 'On Demand' <8 :-p

pow wow, once again, thanks for those links. Awesome.
And also to Wm Ockham for clarification. And EW.

The telecom scadals of the 90's 'How one company, WorldCom, and its bankers at Citigroup, came to epitomize the conflicts of interest at the heart of the late-90s bubble'... reminds me of the corporate donor connection and how the telecoms were part of a conspiracy to defraud investors and ratepayers. Telecoms are so imbedded in the corporate oligarchy they are beholden to the WH they are in bed and of course the coporate culture is predictable. You can look at any company in the game and uncover how the "compete" by getting around the laws, rules and regulations when they know the Fox is guarding the hen house in this administration. Sadly many dems are playing that game. Just look at Pelosi's face and the others.

The Senators' Chiefs of Staff now have been notified of our intention (1) to put Griffin in as USA under an AG appointment and (2) to issue a press release our of DOJ today stating the same.

Chris, I think the While House (you) needs to continue the dialogue with the Senators re our desire to have the President nominate, and the Senate confirm, Griffin. They think they smell a rat, i.e., that we are doing an end around of their advice and consent authority by exercising the new, unlimited AG appointment authority.

Monica, please be sure that the Griffin meeting with Sen. Pryor gets scheduled.

rotl -- if you peek back at this thread, could you post a link to the Sun document you mentioned? I know someone mentioned it previously, but at the moment I can't find it and I would really like to read it. Thanks!

I'm not sure I know what the Sun Research info is, and the only Kris pdf I have is the 50ish page working paper, which I haven't finished, but here are my fast thoughts on what I've seen so far.

First off, in the waves v. wire issue, the by-the-by issue is that from the beginning the courts have treated wave info differently IIRC. So when there is a reference to "all" foreign to foreign wave info being ok to pick up or "vacuum" this really was originally tied to the nature of the communications and not so much the govt perception of its needs.

So when Kris mentions that a) much of the original NSA surveillance was "self-help" and not done with telecom assistance, and b)that "all" foreign to foreign wave communications could be intercepted, IMO he's really talking about flip sides of the same coin. The reason "all" foreign to foreign wave communications could be intercepted was bc they were wave and bc for wave communiations no assistance or cooperation was needed and that was one of the reasons that the courts had not protected wave communications. IIRC, until legislation, domestic wave communications were not protected either, bc there was a perception that anyone really interested in intercepting those waves could pluck them from the air, kind of like reducing a wild animal to capture, and so law enforcement could as well. bmaz may know more and I may be misremembering this (it was back when I was a mere child after all *g*) but IIRC this was an issue with law enforcement cruising or parking in a neighborhood and picking up, with no warrant, waves commuications that went from mobile phones to the handsets?

If I am recalling correctly, it wasn't so much that there was an judicial acceptance that ALL FOREIGN TO FOREIGN communications could be intercepted, as there was an acceptance that all wave communications (including all domestic wave commuications) could be intercepted, but for restricting legislation. IOW, there was found to be no real privacy interest in waves you put out knowing that anyone could capture them.

He doesn't get into that and I'm not in a position to do real research on it, but I think was how things were evolving in that time frame of the 70s.

He then speaks in terms of there never really being any question but that "all" foreign to foreign interception, with no warrants, is ok and that Congress and FISA never sought to limit that. But there, IMO, he's not completely accurate. FISA never speaks to whether or not "all" foreign communication is ok to intercept without a warrant or not, bc it speaks to the AG approving warrantless interception of only of "foreign intelligence information" ("the President, through the Attorney General, may authorize electronic surveillance without a court order under this subchapter to acquire foreign intelligence information" 1802a1)

And under FISA, foreign intelligence information is NOT defined as ALL foreign to foreign communication, but rather (and in keeping with the case law existing at the time) communications involving foreign powers that are being tracked for national security purposes. (1801e defining foreign intelligence information http://www.law.cornell.edu/uscode/html/uscode50/usc_sec_50_00001801----000-.html
speaks in terms of, for example, surveillance neccessary to protect the US from "grave hostile acts of a foreign power or an agent of a foreign power" or information about a foreign power that is necessary to "the conduct of the foreign affairs of the United States" etc. It's a longish definition, which would have been easily avoided by simply saying "all foreign to foreign communications" if it was intended that all such communications were AUTHORIZED to be vacuumed by FISA.

So, unlike most people looking at the problems, I get hung up before we even get to the US persons aspects of 'teh program.' And I have to wonder if this isn't an area that has the teleproviders freaked too. As Kris mentioned, one reason that gov liked FISA was that, while Gov didn't "need" the teleproviders for accessing wave communications, it made life tremendously easier to access wire communication with their assistance and Kris does lift some of the old AT&T testimony about how they really didn't go overboard to help out Gov with surveillance.

So FISA puts in a requirement to help if certain standards are met. Unfortunately for "teh telecoms" "the program" was outside of those standards. So, even assuming a mostly foreign to foreign focused program, just what would the teleproviders have been doing? Giving "all" foreign to foreign communications, without warrant, to US gov?

Doesn't that bring something else to mind? SWIFT, for example? See, even if you bought the "FISA allows vacuuming of all foreign to foreign communcations" with respect to the US gov, what about teleproviders who operate, not just in the US, but in those foreign countries and are subject to the laws of those countries?

Let's look swiftly back at the SWIFT Operation. http://www.nytimes.com/2006/06/23/washington/23intel.html?_r=1&oref=slogin

The US got the banking consortium to turn over all kinds of financial data - not in response to a warrant, but in response to some made up "administrative" warrant document. Apparently the program began as an "emergeny response" but then, like what typically happens when you break the law over and over and keep getting away with it, it became the new standard of practice.

Some of those officials expressed reservations about the program, saying that what they viewed as an urgent, temporary measure had become permanent nearly five years later without specific Congressional approval or formal authorization
Interestingly, where the NYT piece begins talking about all the privacy concerns being discussed it makes the point of saying:The program is separate from the National Security Agency's efforts to eavesdrop without warrants and collect domestic phone records, operations that have provoked fierce public debate and spurred lawsuits against the government and telecommunications companies which might make you wonder if some of the concerns were similar and involved foreign nations' laws and liability under those laws for the third party information providers.

In any event, by 2003 - more than a year after 9/11 - apparently the banking consortium got cold feet and was about to back out when someone finally got the bright idea that maybe there could be some oversight. Umm, no, not judicial warrants and no "real" oversight, but hey - let's take this program that most of Congress knows nothing about and cannot exercise oversight over, and get an "independent auditor" briefed in on the program and reassure the bankers by saying the independent auditor will suddenly start checking to make sure that searches are related to leads on suspected terrorists. As a matter of fact, the concept of "vacuuming" foreign info was one that the gov spokesperson, Levey, RUSHED (swiftly you might say) to disavow.

Among the safeguards, government officials said, is an outside auditing firm that verifies that the data searches are based on intelligence leads about suspected terrorists. "We are not on a fishing expedition," Mr. Levey said. "We're not just turning on a vacuum cleaner and sucking in all the information that we can

BTW - gues who that outside firm was? Try DCI McConnell's Booze Allen, who after their TIA escapades were no doubt a disineterested auditor. Uh huh.
http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-543749According to SWIFT, Booz Allen Hamilton reviews records of searches run against the SWIFT data to verify that the searches were appropriate and that access to the SWIFT data was not abused.

And they are still subject to ongoing European based investigations and not only that, but reports as of October were that they will stop processing European transfers in the US to keep from having to deal with US pressure to be involved in illegal programs.
http://www.out-law.com/page-8548SWIFT argued that it was obliged to comply with US orders because it carried out hosting and processing of information in the US. European data protection officials have condemned the release of the information. European, Swiss and Belgian data protection authorities all ruled that SWIFT had broken data protection laws in supplying the information without informing bank customers of the US surveillance
...
"The new structure foresees by the end of 2009 the creation of a new operation centre in Switzerland. This means personal data in intra-European transactions will no longer be processed in the US operating centre," said the body.

Brussels-based SWIFT is still under investigation by the Belgian Data Protection Authority for potential breaches of data protection legislation.

There has been a similar fight on European flight information.

http://www.theregister.co.uk/2006/10/10/pnr_stitchup/
From last year: European data protection authorities are choking on their baguettes after seeing the detail of the data-sharing agreement the EU signed with the US
...
European data protection law prevents data being sent to another country that doesn't have equivalent protections.
...
The new agreement was supposed to have guaranteed the same level of protection, which was in effect a gentleman's agreement, in which the US promised to play ball. The EC said it "trusted" the US would honour the deal.
But equivalent protections have not been secured, it was revealed in a letter sent by the US Department of Homeland Security to Faull and Irma Ertman, lead negotiator for the European Council's Finnish Presidency, on Friday, after the agreement was struck.

So - let's step back for a moment and think about some of the reasons why "just talking about" teh program is so dangerous from DOJ's stance and why there was such an adamant claim from Hayden and others about no data mining originally.

Even though the prosecutors in the US DOJ are thoroughly corrupt and are owned by the lawbreakers is exactly the same manner as if they were owned by the mafia, that's not the case everywhere. So if we keep "talking about" the US stance that it can vacuum ALL foreign to foreign wire (so needing telecom assistance) communications, aren't the privacy commissioners going to start paying attention at some point?

So without even getting to the US surveillance, where DOJ can gang up on victims of illegal surveillance to prevent them from having any recourse and where Congress is willing to go along with haphazard vivisection of the Constitution, I have to think the teleproviders have a huge problem if they were vacuuming all foreign to foreign communications, with no warrants, for the US. And that's why, IMO, Spectre's approach might even be worse for US taxpayers than it seems on its face, bc it may be structured in such a way as to require US taxpayers to also foot the bill for any European penalties that may be or become applicable.

Running out of time, but I guess the other issues I thik Kris skirts are that, when the original "vacuuming" he describes was at work - it was very clear that no such information could be used for criminal prosecution purposes. Now - that has been stood on its head by the Patriot Act(s) and FISA courts are required to grant warrants that do not meet a criminal probable cause standard and are specifically intended to be fishing expeditions for criminal prosecutions, as long as there is some "tack on" of a foreign surveillance rationale.

And the other issue that Kris doesn't mention is that when Congress was supposedly allowing all this indiscriminate collection of information(I don't think FISA does actually allow it - but whatever), you did not have an Executive Branch that took the position it could roam the world, kidnapping at will, to DISAPPEAR PEOPLE, INCLUDING CHILDREN, into abuse, torture and death.

Certainly, there is a different reaction to vacuuming information when it is going to be used for such a purpose.

Also, once you allow all "foreign to foreign" communications and you are utilizing massive data preservation technology as well, how do you keep that info save from misuse such as industrial espionage, political blackmail, etc.?

One other quick note - Kris mentions email and the fact that "unprotected" persons like foreign to foreign communications should not necessarily receive protection because it is stored in a 'very protected location' like US based servers. I think, there, he misses the point that is being made with the relocations of SWIFT. If the US takes that kind of position, then I have to think Europeans will demand that their email storage go to an ACTUALLY PROTECTED location. Whatever the difficulties faced by the US with the mild to debilitated protections under US law, I have to think that they will be even more disadvantaged if that is replaced by having to go through European courts for access to European based storage locations or having the teleproviders face violations of European law.

Mary -- great post, thanks. So I have a couple of questions for you...

First, a hypothetical question... lets say I'm a German citizen living in Germany and I find that the US has been spying on me (communications, banks, what have you) and I want to sue. Assuming that EU/German laws have been broken by the telcos, I sue in EU/German courts. Presumably the telcos are on the hook for damages. How will FISA laws (old ones, PAA, or new revisions) protect those telcos in Europe? Is there some way that the telcos can point to the US government and say, "not our fault, sue them"? If so, this seems to raise questions of standing. For example, if a German citizen can't sue the US government in US courts for kidnapping and torture, how will they have the standing to sue the US government for breaching their privacy rights?

Second, it seems to me that the US government is creating a climate for US telcos that could be so legally treacherous for them, that they might find themselves better served by moving most of their operations overseas. That strikes me as a bad omen for our economy in general. Do you see it this way, or am I reading too much into this?

Oh, and by the way, EW is relocating to FDL (she has her own site linked through there). At any rate, there appear to be dual threads, one here and one there. It would be worth copying your comment over there, because it does seem the foreign-to-foreign part of the discussion of FISA is getting glossed over and more people should know about it...

phred, Popped on quickly to see whether sojourner had been on with a question. Here's the info for you:

From the "Beer & Turkey Thirty" post --- http://research.sun.com/people/slandau/PAA.pdf
This link was posted by: pow wow | December 01, 2007 at 18:48
A summary worth reading, along with the document, was posted by: pow wow | December 02, 2007 at 00:12

Mad Dogs has also commented with some nice links, including, I note on this thread, a 'little gem' re: Kyle 'the Aggregator' Sampson. (And, in case you're not familiar with the term, 'aggregating' is something that RSS feeds do, and that other technologies do quite well. For more: http://en.wikipedia.org/wiki/Aggregator

In Congressional testimony, Sampson described himself as 'The Aggregator' and no Congresscritter called him on it, so he got away with it. He used geekish-speak to avoid responsibility for his actions; typical of BushBots.

Sampson carried out Rove's commands, and helped politicize the DoJ. That's not 'aggregating'; that's boot-licking and goose-stepping. To camoflage himself as 'an Aggregator' who simply 'collected information' (as if his actions had no consequences for people's lives, and no role in politicizing the DoJ) is cowardly and dishonest. And just where are his missing emails...? Where'd those get 'aggregated' off to?
Another hat tip to Mad Dogs ;-)

The time you spend on that Sun link will be worth it, I think. But also if you have time do note pow wow's summary of the file. Best, rOTL

How will FISA laws (old ones, PAA, or new revisions) protect those telcos in Europe?

I have no idea. This would be my speculation - I am guessing that whatever privacy laws apply (and I don't know what they are in Europe) there is protection for a telecom that was complying with a valid warrant. There may be protection, also, for a telecom that is complying with the law of a foreign nation (so that the statutory directives to cooperate in FISA would perhaps come into play. In general, though, they don't help in any freestanding way and would only help to the extent that European or foreign privacy laws that might have been violated have a safe harbor for complying with a statute or with judicial process - even if in another country.

Is there some way that the telcos can point to the US government and say, "not our fault, sue them"?

Almost none that I can think of UNLESS Spectre-type legislation, whereby the US voluntarily makes itself responsible for any litigation, would come into play. If you are a corporation doing business in a nation, you are responsible for following its laws. A foreign gov temptress in your ear doesn't change that.

? If so, this seems to raise questions of standing. For example, if a German citizen can't sue the US government in US courts for kidnapping and torture, how will they have the standing to sue the US government for breaching their privacy rights?

Several different issues. First, US law regarding standing is not the same law that applies in other countries (some of which are civil code and not even common law based and some of the common law based countries will not have the same case decisons on standing.

Also, it was not standing that kept el-Masri out of court, but rather the nifty little "state secrets" invocation and some other issues regarding definitions by our executive of torture and proof issues given the way his abduction was handled. Standing has been an issue in the States with US citizens suing the telecoms and NSA. It is not really a "decided" matter yet, with courts splitting on the standing issue and nothing to the Sup Ct yet.

Most importantly, what you would likely have is not so much a German citizen suing the telecoms directly, as a German prosecutor suing the company for criminal or civil violations of German law. We started to see that here in the States, where some non-corrupt, not in Bush's pocket, State AGs filed suits for the privacy violations. However, the Bush lawyers housed at DOJ intervened to assert "states secrets" and the courts here have been signing off in a pretty alarming fashion to all those invocations for criminal coverup. But there's absolutely no assurance that would happen overseas and it's likely that it would not happen for that matter. For example, you can compare what happened with the European Privacy Commisioners in the SWIFT situation - where they demanded and received information and took action - with the milquetoast reactions of US courts every time "state secrets" are mentioned.

Second, it seems to me that the US government is creating a climate for US telcos that could be so legally treacherous for them, that they might find themselves better served by moving most of their operations overseas. That strikes me as a bad omen for our economy in general. Do you see it this way, or am I reading too much into this?

It all depends on what happens. I can't imagine that the $$ would really support their ability to pick up and move (unlike the banking consortium) but what I can see is that they might lose licenses or assets overseas or be in breach of agreements or unable to work on certain contracts or foreign gov work, etc. But that's all just spec. Obviously the real problems kick in on the US persons front, but I see a lot of problems in what seems to be so easily dismissed as the "foreign to foreign" surveillance. Granted, there's no big problem there for wave communications that everyone can get, but for wire communications and emails I think there is a big problem even for the foreign to foreign scenario, if it is an "all" foreign to foreign.

The Sun paper is co-authored by Stanford's Research Institute, Princeton, Univ of PA, Columbia, it is a composite wider than merely Sun, though Sun is an important server and software entity presence in that authorship aggregation; there is a link to that document in footnote 144 in the DKris monograph.
On the lhp musing about ip telephone, I wonder what the new Google technology is which was advertised over the past few weeks in hints about a new service to rollout which would 'find' and recognize the client irrespective of geographic location; whatever the debut turns out to be, it will be in compliance with the existing legal framework, and perhaps address some of the problems with place which lhp discussed. Then there is the turmoil skype is creating in the tariff realm very precious to grandfathered Telcos; I would wonder how efficiently bottable.

JohnLopresti, thx for correcting my shorthand on the document provenance. (I'd figured people were already overwhelmed with details, but in this case the accuracy is important, and does speak to the fact that the concerns are more widely spread than simply being limited to Sun.)

Skype is a whole new paradigm; I can't keep up with it.
OT, but the Christian Science Monitor did an extremely intriguing article on its use by foreign language instructors, who are setting up (US) students with 'talkpals' in other lands, and using Skype to match their students up with native speakers of the foreign language for practice in speaking and listening on a weekly basis. From what I understand of language acquisition, it looked like a first-rate concept. What an age we do live in.

As for the Google initiative... have to catch up on it later.
Swung by to be sure no one had left a query, and sweep up the floors around here.